[ previous ] [ next ] [ threads ]
 
 From:  Chet Harvey <chet at pittech dot com>
 To:  David Rodgers <david dot rodgers at kdsi dot net>
 Cc:  Justin Ellison <justin at techadvise dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] M0n0wall with SSL VPN feature
 Date:  Fri, 16 Jul 2004 13:58:43 -0400
my issue with adding this type of functionality is the amount of resources 
necessary. We are not simply talking an end point or an encrypt/decrypt schema 
here. SSL VPN's like Netscreen (Neoteris) have rather large management 
interfaces, much bigger footprint and serve communications via HTTPS. The 
overhead is much bigger than simply a protocol.

There is a reason why a Netscreen firewall is a firewall and the Netscreen SA 
are separate.

Plus I don't like the idea of running a web server exposed to the 
world....makes me feel oookey....

again just my opinion...

Quoting David Rodgers <david dot rodgers at kdsi dot net>:

> >Fair opinion, but arguable that if m0n0 does ipsec, why not SSL vpn's?
> > 
> And to add to this M0n0 does support both pptp and ipsec ... why not one
> more?
> 
> I personally believe that the firewall and the vpn concentrator should
> be seperate devices but most of the world tends to disagree so ....
> 
> David
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
> 


-- 
Chet Harvey
Pitbull Technologies <http://www.pittech.com/> 
Protecting your Digital Assets
703.407.7311